Win a copy of Design for the Mind this week in the Design forum!
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

Tomcat & Multiple SSL Certificates

 
Isaac Martinez
Greenhorn
Posts: 1
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Goal: Intall two SSL certificates in the same server, but working for two
different IP addresses and domains.

I have:
- One server running Tomcat 5.5 over Windows.
- Two IP addresses.
- Two domains, one for each IP address.
- Two SSL certificates one for each domain.
- A keystore and alias for each certificate.

I think I need to configure two hosts (or virtual hosts, what's the
difference between these?), and setup two HTTPS connectors with IP based
scheema.

I tried using the following configuration:

<Service name="Catalina">
...
<Connector port="80" maxThreads="300" minSpareThreads="25"
maxSpareThreads="75" enableLookups="true" acceptCount="100"
redirectPort="443" connectionTimeout="20000"
disableUploadTimeout="true" />

<Connector port="443" name="72.3.245.1"
maxThreads="100" strategy="ms" maxHttpHeaderSize="8192"
emptySessionPath="true" useIPVHosts="tru"
scheme="https" secure="true" clientAuth="false"
keystoreFile="D:/jdk1.5.0_02/bin/key1"
keystorePass="pass1" sslProtocol = "TLS" />

<Connector port="443" name="72.32.93.2"
maxThreads="100" strategy="ms" maxHttpHeaderSize="8192"
emptySessionPath="true" useIPVHosts="true"
scheme="https" secure="true" clientAuth="false"
keystoreFile="D:/jdk1.5.0_02/bin/key2"
keystorePass="pass2" sslProtocol = "TLS" />

<Connector port="8009"
enableLookups="false" redirectPort="443" protocol="AJP/1.3" />

<Engine name="Catalina" defaultHost="localhost">

...

<Host name="72.3.245.1" appBase="webapps"
unpackWARs="true" autoDeploy="true"
xmlValidation="false" xmlNamespaceAware="false">
</Host>

<Host name="72.3.245.2" appBase="webapps"
unpackWARs="true" autoDeploy="true"
xmlValidation="false" xmlNamespaceAware="false">
...

</Engine>
...

</Service>


It didn't work at all, I have the first certificate on the first IP working.
But the second certificate just don't work because it gets the first
certificate not the second, so the domains don't match.

Any help on this is welcome, thank you.

Isaac Mart´┐Żnez Hatch
 
William Brogden
Author and all-around good cowpoke
Rancher
Posts: 13058
6
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I've never done a configuration like that, but:

That does not match either of the virtual hosts - where did it come from?
Bill
 
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic